New untethered jailbreak works for iDevices running iOS 6.x

The tool makes use of a previously undisclosed exploit in iOS 6.

An iOS hacking team that calls itself "evad3rs" has released a tool to jailbreak devices running iOS 6. The tool, called "evasi0n," is available for OS X, Windows, and Linux. It can jailbreak iOS 6.0, 6.0.1, 6.0.2, and 6.1 on all compatible iPhones, iPads, and iPod touches.

For those unfamiliar with jailbreaking, it's a process that defeats the built-in security and DRM features of iOS, allowing greater flexibility in customization, the ability to install apps outside of the official App Store, and access to iOS's underlying UNIX internals. Jailbreakers tend to use the technique to enable functionality that isn't part of iOS, or to customize the look of icons and other elements. Some also use it to unlock devices from particular carriers or to install software otherwise barred (and sometimes pirated) from the App Store.

Jailbreaking tools typically rely on one or more undocumented flaws that allow working around iOS's security measures. Because Apple usually patches those flaws in the next iOS release once a jailbreak tool has exposed them, each version of iOS often requires a new jailbreak tool. evasi0n uses a previously undisclosed exploit that works on all currently available versions of iOS 6. It also works "untethered," meaning the iOS device doesn't need to be plugged into a computer to re-enable the jailbreak every time the device is rebooted; the jailbreak persists across restarts on its own.

Promoted Comments

A big congratulations to the team behind this. Without jailbreaking I find iOS practically unusable, and while it's a major strike against the platform in general that a jailbreak is required rather than it being an option (even if for-pay) available officially, the jailbreak is still a fantastic band-aid while it lasts. It will of course vary from person to person, but it's hard to really appreciate how useful even minor features like customizable information on the lock screen or enhanced action menus (with copy/paste history, in-place dictionary lookup etc) are until you get used to them and then have to do without. Some of the functionality, like being able to change your default browser, is hard to see why Apple doesn't build in (it's there on OS X), while other bits are clearly never likely to be allowed, but all of it breathes a lot of extra life into an OS that has otherwise been pretty stagnant compared to Android. Android may be a better choice, period, starting fresh for people who care, but for those with existing investments jailbreaks help a lot.

For anyone looking for more discussion and details, FoO's excellent Perpetual 6.x Jailbreak Info thread is the main current hub in the Mac Ach.

Possibly one of the last public jailbreaks as Apple continues to harden the core and fix these exploits.

<citation needed>

While naturally it is nearly impossible to say whether any given jailbreak will be the last one (and dawesdust_12 is using some weasel-y language there; I could "possibly" be struck by lightning this week), it does raise a point that's worth keeping in mind for anyone who comes to depend on jailbreaks. One long-term issue with jailbreaking is that in genetic terms the jailbreaking community acts as an environmental pressure on Apple. They're constantly hunting for any possible bugs with any release, and unlike criminals they don't keep them to themselves or try to be stealthy but rather quickly release them out into the open where Apple can promptly patch them. There aren't an infinite number of low-level bugs in the OS code, and given that the cores of systems tend to be far more static than the higher-level components, it's perfectly possible the bugs would get "consumed" at a faster rate than new ones would get added. One would therefore expect that initially there would be jailbreaks all the time with extremely rapid release, but that over time it would take longer and longer.

And that is in fact what we've been seeing. I sometimes wonder if that itself isn't part of the reason Apple has chosen to maintain the current status quo. They've effectively gotten a very talented, motivated and diverse security testing team working on their system for free, and iOS is probably significantly more secure now than it would have been if the JB pressure had never existed in the first place. It does create some perverse incentives all around too, though.

At any rate, the practical end-user result is that yeah, there is some extra thinking required now. A jailbreak can't be counted upon at any given moment, and reliability is a significant core offering of the iOS platform in the first place. Barring a "lucky" break like the A4 bootrom issue, the trend line over time will probably continuously aim up.

Eraserhead wrote:

It took them long enough.

These are stupid enough comments to see even on the general sites, but it's particularly disappointing on Ars.

Still not certain whether I will jailbreak this time around. The last time I did, I jailbroke my iPad in July 2011 and removed it before iOS 5 came out. Just never found apps that were terribly useful. I did get some console emulators, but other than that, I just didn't see the point. I understand that some people find jailbreaking important, but I never did. Maybe some of you have an app I should look at that might change my mind.

So don't these "jailbreak" coders break the white-hat code of ethics to disclose security issues to the developer? They act very white-hat, in the sense that they want to help users to better utilize their devices... But in the end it seems they would only be hurting the security of the device(s) by not disclosing the flaw....

It would be nice if you didn't need to rely on bugs to gain control over hardware you own.

One of the things I like so much about WebOS. You don't. Palm and later HP were (and still are) very friendly to the people who were enthusiastic about the platform. Even when that enthusiasm meant using it in unforeseen ways.

I don't expect Apple to ever change but I hope whoever becomes the #3 platform is open. Which is a point against Blackberry (I think it would threaten their business focus, or at least they'd see it that way), not sure about Microsoft yet.

I've never jailbroken before, but I'm going to give it a shot now. Mostly for shits and giggles; I find that iOS does what I need it to do and rarely find myself thinking "...if only my phone did [X] I'd be happier."

I've never jailbroken before, but I'm going to give it a shot now. Mostly for shits and giggles; I find that iOS does what I need it to do and rarely find myself thinking "...if only my phone did [X] I'd be happier."

Use an Android phone for a few days and you'll realize all the features you're missing.

My understanding is that it wasn't a technical issue. They just wanted to wait until 6.1 was out to make sure there weren't any curveballs that weren't going to bork up everything right after release. As we're likely to keep with 6.1 until the next major iOS release, it seems like a good release strategy, as I'm sure the uptake isn't high enough for Apple to care about plugging that particular hole as long as it doesn't become a security liability.

Still not certain whether I will jailbreak this time around. The last time I did, I jailbroke my iPad in July 2011 and removed it before iOS 5 came out. Just never found apps that were terribly useful. I did get some console emulators, but other than that, I just didn't see the point. I understand that some people find jailbreaking important, but I never did. Maybe some of you have an app I should look at that might change my mind.

It's just really dependent on the user and what they want out of their iOS. If you have no reason to jailbreak then don't bother... unless you just like giving the middle finger to Apple, which is enough of a reason IMO.

I saw that unlocking was recently made illegal without the carrier's consent. On the other hand, AT&T unlocked my iPhone 4 at my request just yesterday. So they aren't being hard-asses about it... yet.

And only three days after jailbreaking your phone became inexplicably illegal again in the US!

Not sure why it's inexplicable; the Library of Congress issued a temporary exception; Congress did nothing to make the exception permanent, and the exception expired.

It's inexplicable because it completely circumvents the first-sale doctrine, one of the cornerstones of the free market we're supposed to enjoy in the good ol' US of A. I know WHY it happened, the "inexplicable" part is that there's no reason for it to be illegal in the first place.

So don't these "jailbreak" coders break the white-hat code of ethics to disclose security issues to the developer?

No, on two different levels. First, clearly they are disclosing the security issue. It's right there, that's what the jailbreak is (and typically after it's out they discuss it in detail as well). Apple will have the info they need by definition; this isn't some sneaky targeted hack circulating for a while before it gets noticed.

Secondly and more fundamentally, these are not professional security researchers, these are people aiming at liberating iOS to enable additional development and features. That is the primary goal. While a secondary result is that Apple will be able to patch the hole, they have absolutely no responsibility whatsoever to disclose anything, there is no official "white-hat code of ethics", just people following what they believe to be good practice for their particular situation. It is a company's choice to create this odd duality wherein, unlike normal, a security bug is not a pure negative but rather both a negative and a positive. In this case it's Apple, but that applies just as much to any other vendor of a locked platform (be it Microsoft, Sony, Nintendo, or whomever).

If Apple decided to bring the situation more in line with OS X, and have a default "app store only" requirement while allowing the option to sideload (and that need not mean disabling all DRM either), then the situation would be different. As it is, there is nothing wrong with pursuing a jailbreak, even if it means a security vulnerability being unpatched for a greater length of time. They have no responsibility to Apple or anyone else.

Bonzo the Fifth wrote:

My understanding is that it wasn't a technical issue. They just wanted to wait until 6.1 was out to make sure there weren't any curveballs that weren't going to bork up everything right after release.

Well, it did take a significant amount of dev time and work, long enough that the extra wait until 6.1 absolutely made sense. But if it had been all packaged up and set 4 months ago then the calculations might have been different, or if there were lots and lots of exploits still available. You're right that they need to be more careful with what they find nowadays, and waiting for the first major patch is a sensible choice in light of that.

Quote:

As we're likely to keep with 6.1 until the next major iOS release

Actually that seems unlikely. It'd be a surprise if there were no minor (6.1.1, 6.1.2...) updates at least, and Apple may well roll a fix into those.

I've never jailbroken before, but I'm going to give it a shot now. Mostly for shits and giggles; I find that iOS does what I need it to do and rarely find myself thinking "...if only my phone did [X] I'd be happier."

Use an Android phone for a few days and you'll realize all the features you're missing.

I have, and I know what you mean. I realized all the things I can't do, or at best can't do very well, with the Android phone.

What's the practical difference between a tethered and untethered jailbreak?

If for some reason you needed to reboot your device, you'd have to reconnect to your computer via the USB cable and run the jailbreak tool to inject the proper code into the boot process. Untethered means all the code needed is stored on the device itself and doesn't require another computer to deliver the payload.

Possibly one of the last public jailbreaks as Apple continues to harden the core and fix these exploits.

Not sure why you are being downvoted so vigorously, here. You may be right.

Fact is, every jailbreak depends on finding a very fundamental security exploit in iOS -- one nasty enough to allow root access. Since Apple fixes all of the exploits used in a jailbreak, it makes sense that the opportunities to find new ones grow less likely with each release.

Is this the last one? Impossible to say. I do think it's safe to say that each release will make finding an exploit harder and harder and eventually Apple will patch all of them, thus blocking jailbreaks. It's inevitable.

I saw that unlocking was recently made illegal without the carrier's consent. On the other hand, AT&T unlocked my iPhone 4 at my request just yesterday. So they aren't being hard-asses about it... yet.

AT&T is following the proper requirements set by the new law for unlocking:

- The person requesting the unlock is a current AT&T customer, or a former AT&T customer who can provide the phone number or account number for the account.
- The iPhone was designed for use on the AT&T network.
- All contract obligations, including any term commitment, associated with the device to be unlocked have been fully satisfied.
- The iPhone has not been reported lost or stolen.

IMO disclosing the flaw with an active exploit that you are then releasing to the masses is just bad... But I guess everyone is entitled to their own opinions. Bottom line, there is a security flaw that allows this exploit to work, these individuals knew about the flaw, and then released an application that exploits the flaw. I just don't know if I can agree with the ethics of this from a security point of view...

While I surely appreciate some things that are possible only with jailbreaking (and will finally update to 6.x now) one should not forget that this also disables a couple of important security features in iOS.

A jailbroken iOS will happily run unsigned code which is a good thing if this is code you WANT to run and not so good if this is code that finds its way onto the device without your knowledge. It's a two-edged sword, really.

If Apple would fix a handful of shortcomings in iOS I wouldn't see the need to jailbreak anymore and I'm fairly sure many others too.

I mean things like some toggle widgets in the notification center, being able to change the default browser and have a way to scroll the cursor without dragging it around would make iOS just better. Having to hack the thing for that feels just... wrong.

-- currently running iOS 5.1.x
-- don't want to run iOS 6.x now, but want to have the option to run iOS 6.1 with jailbreak in the future
-- iOS 6.1.1 will come out in 1 week and the jailbreak will no longer work on it

What do I need to do before iOS 6.1.1 comes out? (Something about Apple no longer "signing" iOS 6.1 once iOS 6.1.1 comes out, and I have to "save something" before that happens?)

It also works "untethered," meaning the iOS device doesn't need to be plugged into a computer to re-enable the jailbreak every time the device is rebooted.

Is that what untethered means now? I thought untethered meant that you could jailbreak the phone the first time without having to plug it into a computer. Keeping the jailbreak across reboots should really be called "persistent," right?

Bonzo the Fifth wrote:

As we're likely to keep with 6.1 until the next major iOS release, it seems like a good release strategy, as I'm sure the uptake isn't high enough for Apple to care about plugging that particular hole as long as it doesn't become a security liability.

If it were truly an untethered jailbreak, it would already be a huge security liability. As it is, you have to plug the device in via USB, so it's a bit harder to weaponize.

Very impressed indeed. Apple have been upping their game a lot recently, and making life really hard for the jailbreakers, so hats off to Evad3rs and everyone else who helped out researching and implementing this one.

I foolishly upgraded my iPad 3 to iOS 6 because I wanted to see just how bad Maps was, losing my jailbreak and all my toys (ffmpeg and various other useful stuff). My own stupid fault, as I didn't really gain anything of value.

This jb seems to have worked; I look forward to working out how to recover my Cydia account and re-install my purchases. Unsurprisingly, Cydia is pretty much dead in the water from load right now, but that is entirely forgivable.

Very pleased to see this, I felt a little put out with my locked-down rootless iPad next to my unlocked Nexus 7 and rooted Galaxy SIII.

ScottTFrazer wrote:

Is that what untethered means now? I thought untethered meant that you could jailbreak the phone the first time without having to plug it into a computer. Keeping the jailbreak across reboots should really be called "persistent," right?

For what it's worth, it's what I always understood by untethered, and have always done when jailbreaking various devices. I don't care if I have to connect my device to a bench supply, logic analyser, camel and tin of surströmming to actually do the jailbreaking; that's a one-off and less relevant. "Tethered" is usually that the device needs to be plugged into something else when it boots up for normal use, in order to be jailbroken.

Maybe you were spoiled by that delightful Safari-based jailbreak for iOS before (jailbreakme? something like that), which was rather impressive. Lots of people were. Of course, the flipside of that was that the security hole used was insanely dangerous to the user in normal operation too, as malfeasants could root the device at will too. That really did force Apple's hand, making a quick update unavoidable. An exploit where you have to gain physical access to the dock connector is a lot less worrying in that regard.

It's just really dependent on the user and what they want out of their iOS. If you have no reason to jailbreak then don't bother... unless you just like giving the middle finger to Apple, which is enough of a reason IMO.

I'm really puzzled by this line of thinking. They already have your money. It's not like you're bypassing a subscription service. How exactly are you really giving the middle finger to Apple?

A big congratulations to the team behind this. Without jailbreaking I find iOS practically unusable, and while it's a major strike against the platform in general that a jailbreak is required rather than it being an option

Those are strong statements. I have an iPhone because I like how it works, and I like the functionality it provides. It appears as if millions of others do as well.

While I have jailbroken every iPhone I have owned, back down to iOS 1.x, me, and others (looks like you included) continue to buy new iPhones, and upgrade them. If the Jailbreak was essential to you or anyone else, they would have held off the upgrade to 6.x until the jailbreak was available. Obviously, many did not...

Look, I love quick toggles. I love quick reply to texts. I even love the pictures of all my contacts in all of my contact lists — but to say the iPhone is "practically unusable" and that "jailbreaking is required rather than it being an option" is way overboard. Cydia is fun, the app store is fun, but if you don't like the way iOS works, then you can always go with Android. Good luck with that.